Awesome content. Very detailed. Many thanks, Chris.
Hi Chris! Thanks for the video!
Thank you! This saved my life and my customer's too.
Thanks Chris for the great tutorial! What's the alternative option to user/identity - Azure AD? Version R80.40 is supported for SAML but it doesn't have that option?
Good stuff!
Hi @Chris, great video. Authentication works fine, however I'm having a challenge with authorization.
I have already created the access roles and I'm also able to read the users on the Check Point gateway.
Sounds like I'm having the same issue - did you get it fixed?
Hello Chris, may I know, for a cluster setup, which gateway ID should I select in the new identity provider object, like the VIP of the cluster?
Great video Chris! How do you enable SAML for multiple Check Point Gateways? Do you need an Enterprise Application and IDP per Gateway?
I configured this and have an issue where my traffic is hitting the cleanup rule and not the rule with my access role. Any ideas what's going on there? Also, you do not mention anything about enabling the Identity Awareness blade - isn't that also required?
I have the same problem.
Hi Chris, we're currently on R80.40 but maybe moving to R81 in a couple of months. Can Azure AD SSO also be used as an Identity Awareness provider to Check Point for filtering, etc?
Hi Chris,
Thanks for the video!
How can I activate MFA with SAML?
First!
Hi Chris, Negotiation to site failed, IdP authentication is working fine. Kindly suggest on the same.
Hi Chris, my customer has a problem with the authentication with SAML:
After Microsoft authentication is successful, the following load on the Check Point client stops at 47% and it is necessary to restart the PC to connect correctly.
What can I check?
Does this solution assume there is to "on-prem active directory"?
Does this solution work with the Infinity Portal? (not the smart portal that you are using in your video)
Great video! How do you deal with running the script in a Smart-1 Cloud environment? Can the script be modified to run the API commands in the cloud? Glad you made the R81 version, although I am curious that you didn’t need to give Graph permissions to get the groups for the
Just a follow-up: I get the authentication, but no connection, as the user is not in any remote access group.
Chris, I found a problem and I'm sure I've followed you step by step (already double checked). When I sign out and then sign in again, like you showed in the video, I'm not being prompted with the login form again. It simply lets me in without any credentials required. Did you find the same behavior when setting up this for the first time?
I remember having the same problem. In my case it was because the user has his credentials saved in Chrome; what I did was change the browser used by the VPN client to another one where the credentials were not saved.
Good afternoon, I am implementing it and the same thing happens to me. Could you solve it?
Hello Victor, my customer ended up using another auth method, but I remember this issue was addressed by modifying the security auth settings for the OU in Google Workspace. Look for auth timeout for Google accounts. In my case, it was set to 7 days :/
Hey,
About Check Point SAML Auth for Remote Access VPN - I configured everything and checked it several times, but when connecting after entering a username and password, the connection fails and the error "negotiation with site failed" appears in the client
My management is a cloud SMS, how can I execute the script?
Hi Chris!
Is this compatible with local or AD authentication on the VPN Login? In our environment we have local login or AD login, and we want to use MFA to the accounts on AzureAD, but we don't want to lose the local login for VPN accounts.
You need to check the SK provided by Chris; I remember there is a configuration to allow 2 login options.
Can I do this for SSL VPN only?
from what I can tell it's supported on This feature supports only IPsec VPN clients. But if you did figure it out, I'd love to know.
Is it possible on an SMB 1800 locally managed firewall?